Privacy News

New York University Posts Student ID Numbers Publicly, Privacy Advocate Posts copy of NYU page on his site, faces lawsuit from NYU - Students Outraged at Privacy Violation.


Driven by worries about safety, the need for accountability, and perhaps a certain "I Spy" impulse, families and employers are adopting surveillance technology once used mostly to track soldiers and prisoners. New electronic services with names like uLocate and Wherify Wireless make a very personal piece of information for cellphone users physical location harder to mask. But privacy advocates say the lack of legal clarity about who can gain access to location information poses a serious risk. And some users say the technology threatens an everyday autonomy that is largely taken for granted.

TrueActive makes a computer program that buyers can install on a target computer and monitor everything that the machine's user does on the PC. Spying with software has been around for several years but one new feature in this program crossed a line between monitoring and snooping. That feature is called "silent deploy," which allows the buyer to place the program on someone else's computer secretly via e-mail, without having physical access to the machine.


Motorists face travel tax and 'Big Brother' microchip law enforcement under New Zealand government plans to generate cash. Transport Minister Paul Swain said with vehicles becoming more fuel efficient, revenue from petrol tax would drop and alternative charges needed to be considered. It is one of a number of transport schemes being looked at by officials, including a Big Brother-style project to equip every car with a personalised microchip so law-breaking motorists can be prosecuted by computer.

Consumer groups and legislators are pushing to gain Californians the right to force companies to disclose what personal information they sell to other marketers. In addition, they are fighting to prevent Congress from preempting the recently passed California legislature bill that strengthens the financial privacy rights of Californians. The "Shine the Light" bill gives California customers the right to ask any company with which they have done business to reveal what personal information the company has sold for direct-marketing purposes in the last year.

Biometrics in our future The biometric use of personal information will continue to make inroads in how we interact with each other, our employers and even our machines and buildings. Therefore, staying informed about this technology as it develops should be of great interest to even the most committed Luddite as an employee, citizen and possessor of his own biometric identity. In the days following 9/11 and in light of provocative movies such as "Minority Report," looking at alternative means of identifying ourselves is becoming a growing concern.

Privacy law wounds fund-raising efforts at medical foundations. Last year, the California Pacific Medical Center Foundation raised a record $20 million for the San Francisco hospital and its programs. Now, thanks to a new federal law protecting patients' privacy, tapping donors who receive treatment at CPMC will become more difficult. Some rules contained in the Health Insurance Portability and Accountability Act of 1996 took effect last April. They limit how health-care providers can use and release medical information. Hospital-linked foundations fund-raisers no longer have access to patients' medical information.

A blocking technique to ease privacy concerns surrounding controversial radio frequency identification (RFID) technology has been developed by researchers at a major security firm. The labs at RSA Security have outlined plans for a technology they call blocker tags, which are similar in size and cost to RFID tags but disrupt the transmission of information to scanning devices and thwart the collection of data. The technique, one of few RFID-blocking technologies being worked on by researchers, is still a concept in the labs. But the next step is to develop prototype chips and see if manufacturers are interested in making the processors, according to Ari Juels, a principal research scientist with RSA Laboratories. Blocker and RFID tags are about the size of a grain of sand and cost around 10 cents.

Privacy ascendant: So the California Legislature, after years of doing the anti-consumer bidding of well-heeled benefactors in the financial industry, finally did the right thing last week by passing a serious financial-privacy bill. And today, Gov. Gray Davis, who had been a behind-the-scene ally of the obstructionists, is expected to sign it. That's the good news. But never underestimate the raw power of the financial lobby, nor its willingness to thwart the plain will of the people. The industry isn't about to give up, which means we'll also have to remain vigilant.

Consumer privacy fears over the tracking of goods tagged with wireless chips could negate any cost savings gained from using the technology in the supply chain, according to a leading industry analyst. The controversial radio frequency identification (RFID) tags have attracted attention from privacy groups such as the Consumers Against Supermarket Invasion and Numbering (Caspian), who are worried firms will continue to track RFID products even after they have been bought.


Marc Rotenberg, the head of the Electronic Privacy Information Center, predicted that the United States would soon adopt mandatory use of biometric identifiers in passports, scheduled to begin in three years. They have announced plans to test American passports with computer chips by Oct. 26, 2004. At a recent card technology conference, the deputy assistant secretary of state for passport services, Frank Moss, said the department planned to have all new passports containing biometric data by 2006 at an estimated annual cost of $100 million. About 55 million American passports are in circulation, and 7 million are issued annually.

Citibank on Monday warned customers not to fall for an e-mail scam that threatened to shut down their checking accounts if they failed to provide their Social Security numbers. Citibank said "numerous" people received the e-mail, which purported to advise them of conditions affecting their accounts. It said the e-mail linked to a Web site that looks like Citibank's, and asked customers for their Social Security numbers, a form of identification. "Although the e-mail appears to come from Citibank regarding 'Your Checking Account at Citibank,' it does not, and Citibank is in no way involved in the distribution of this e-mail," a company representative said. The e-mail is an example of "phishing"--the use of spam, or unwanted junk e-mail, to lure computer users to Web sites that look like those of reputable companies, and to deceive them into divulging personal financial data.

California lawmakers appear poised to adopt a hard-fought financial privacy law that is not nearly as strong as consumer advocates had wanted but still would be the strongest such law in the country. Financial privacy law to require banks, insurance companies and credit card companies to get permission before selling or giving customer information to third parties. And it would require companies to allow consumers to choose not to have their information shared with some affiliated companies. Representatives of the financial industry stood with consumer advocates and Sen. Jackie Speier, D-San Mateo, on Thursday to say that they would stop lobbying against the bill.

In the past three months, the hallways at Groesbeck-based Tel-A-Sell Marketing Inc. have become a lot less crowded. CEO Edd O'Connor has been forced to trim his telemarketing staff from 72 to 18. "I was running a full house earlier this year," said O'Connor. One of the big reason for the cuts: the chilling effects of the National Do Not Call Registry and other similar efforts in statehouses across the country. A month into the sign-ups for the federal Do Not Call list, nearly 30 million phone numbers across the United States have been registered for the list. That number could double by the time the list takes effect on Oct. 1. The ATA, which is challenging the list in court, said the national list could eventually cause more than 2 million lost telemarketing jobs.

Michigan law chief slams 'bogus' anti- spam group Remove.org, the "Do Not Spam" list outfit that has been accused of making false claims about its offering and even spamming people itself, has been warned by the Michigan Attorney General to buck up its act. Michigan Attorney General Mike Cox yesterday issued a legal notice to Remove.org warning the company that it faces a potential lawsuit under the Michigan Consumer Protection Act for deceptively marketing its supposedly anti-spam service to consumers.

Man charged cracking Acxiom, the world's largest consumer database companies. Daniel J Baas, from Milford, Ohio, is alleged to have illegally accessed and copied information stored at consumer database giant Acxiom last December while working for its partner, Cincinnati-based data-mining firm Market Intelligence Group. Following his 1 August arrest, Baas has also been charged with "unauthorised use of property" in breaking into Market Intelligence's systems in August 2002.

When computers are the weapons and the victims are far from sight, it is easy to operate quietly and, for a while at least, undetected. And that is how, for almost two years, Juju Jiang used an arsenal of computers in his bedroom on the 14th floor - in an apartment he shared with his mother - to break into others. According to the federal agents who prosecuted him, Mr. Jiang had unwitting help from his victims: customers at Internet terminals at 13 Kinko's copy shops in Manhattan entered personal information that he gathered with software he had installed

UK birth certificates to morph into your life story, and more? To little fanfare last month the UK's Office of National Statistics announced proposals for the creation of a central electronic database containing birth, death and marriage records. Announcing the publication of "Civil Registration: Delivering Vital Change," and a consultation process running through until 31st October, the ONS listed key changes as including the ability to register births and deaths online,* in person and by telephone, greater choice as regards marriage ceremonies and "new arrangements for access to registration information."

Managers who invest in privacy-eroding data-collection technology aren't always conscious that they're moving toward a world of widespread discriminatory pricing, Odlyzko says. Rather, they're trying out ways to use information to increase profits. But as corporations become more sophisticated in collecting and parsing consumers' personal information, success will lead them to more pervasive price discrimination. On July 28, I talked to Odlyzko about how data is being used to usher in a more efficient -- and privacy-invasive -- economy. Edited excerpts follow:
Q: Your paper posits that private companies now have both greater incentive and ability to discriminate on pricing by collecting and analyzing customer data. How so?
A: . . .

UK Prime Minister Tony Blair yesterday knocked the wheels off the ID card bandwagon, citing "huge logistical and cost issues that need to be resolved" before the cards can be implemented. If words such as "privacy" and "freedom" also figured in his reasoning he neglected to share this with us, but he pointed out that the last government had examined the issue "over a period of years" and had come to similar conclusions. British "entitlement card" for interaction with government has morphed into a security-driven compulsory national ID card scheme.

In everyday life, with a few simple precautions, you can keep your personal details private. By using cash, taking public transport, using a pre-paid mobile and avoiding the internet most of your movements will go unseen. You will not fade away entirely, but the time and trouble it will take someone to find out what you have been doing will make you a lot less visible. But on the net, almost no matter what you do, you leave behind scraps of information about what you have been doing. Information about the computer you are using, the sites you visit, where files were downloaded to and information you type into forms will be noted.

----------------------------------------------------------------------
Privacy Weekly is published by Privacy Council.
For a limited time, individual subscriptions are available for $199 annually. The regular subscription rate is $249 annually. Discounts on multiple subscriptions are also available. For more information, please contact:

Jennifer Simin jennifer.simin@privacycouncil.com

Privacy Council
1050 Connecticut Avenue, NW, Suite 1000
Washington, D.C. 20036
Toll Free Number: (866) P-Council (866.726.8624)